It seems like every week now there’s a new cybersecurity threat grabbing headlines for the innovative way it manages to get past security defenses. The latest is Bad Rabbit, a ransomware that disguises itself as an Adobe Flash update to inject malware onto an endpoint. Naturally, there’s a lot of frustration with endpoint security these days. In fact, Malwarebytes, a provider of software used to remove malware from endpoints, published a report this week that finds almost 40 percent of the systems its software has been used on had two or more registered instances of anti-virus (AV) software installed.
Based on an analysis of 10 million endpoints, the Malwarebytes report also shows that nearly the same percentage of systems were running an instance of one of four of the market-leading AV software packages.
The top ransomware types detected on compromised machines with AV software installed were Hidden Tear (41.65%) and Cerber (18.26%). Botnets most frequently detected included IRCBot (61.56%) and Kelihos (26.95%). The most prevalent trojan types were Fileless (17.76%) and DNSChanger malware (17.51%).
The fact that malware still manages to evade AV software that has been certified in a lab to combat those threats shouldn’t come as much of a surprise to the average IT professional. But Malwarebytes CEO Martin Kleczynski says the degree to which AV software is not effective should create an opportunity for end users and IT security professionals to reflect on the fact that IT security is a numbers game. There is no silver bullet when it comes to security. Organizations need to master an array of defenses, says Kleczynski.
Because of this issue, a layered approach to IT security is more important than ever. No one would suggest not deploying AV software on endpoints. There is a battle taking place between a new and old AV guard for control of the next generation of AV software, which relies less on attack signatures. Those new offerings make extensive use of analytics and machine learning algorithms to bolster endpoint security. But even when endpoints have the highest level of security available, there’s still a good bet that malware is lurking in them.
The next line of defense after the endpoint is obviously the network perimeter. The challenge IT organizations face now is that, thanks to the rise of cloud computing, that network perimeter is broader than ever. Application workloads are more distributed than ever. Securing the perimeter today requires everything from physical appliances and application firewalls to any number of gateways. Beyond that, there’s also a broad array of security technologies to be employed, ranging from encryption to intrusion detection and prevention systems, that are needed to protect an organization’s most sensitive data. And thanks to the rise of ransomware, data protection and recovery is now a standard part of the IT security equation. Given all the technologies that need to be mastered, it is little wonder that more organizations are relying on external service providers to manage security on their behalf.
IT security isn’t likely to get easier any time soon. Advances in technologies such as machine learning will do more to level the playing field than to eliminate all threats. In fact, if anything, the savvy IT security professional who knows how to mount the most effective security defenses possible will continue to be worth their weight in gold for years to come.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.